CVE-2025-41760
Received Received - Intake

Bypass of Traffic Filtering in UBR Due to Empty Pass Filter

Vulnerability report for CVE-2025-41760, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-03-09

Last updated on: 2026-03-11

Assigner: CERT VDE

Description

An administrator may attempt to block all traffic by configuring a pass filter with an empty table. However, in UBR, an empty list does not enforce any restrictions and allows all network traffic to pass unfiltered.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-03-09
Last Modified
2026-03-11
Generated
2026-07-06
AI Q&A
2026-03-09
EPSS Evaluated
2026-07-05
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
mbs-solutions universal_bacnet_router_firmware to 6.0.1.0 (exc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-636 When the product encounters an error condition or failure, its design requires it to fall back to a state that is less secure than other options that are available, such as selecting the weakest encryption algorithm or using the most permissive access control restrictions.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

This vulnerability occurs when an administrator tries to block all network traffic by configuring a pass filter with an empty table. In the UBR system, an empty list does not actually block any traffic but instead allows all network traffic to pass through without any filtering.

Impact Analysis

Because an empty pass filter does not restrict any traffic, it can lead to unintended exposure of the network by allowing all traffic to pass unfiltered. This could result in sensitive or harmful traffic reaching protected systems, potentially compromising confidentiality.

Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

I don't know

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-41760. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart